There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 6 and Version 6 Service Refresh 16 and earlier, that is used by IBM Tivoli Provisioning Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-4263 and CVE-2014-4244 Affected ...

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 5 and Version 7 that is shipped with IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in October 2014. This also includes a fix for the Padding Oracle On ...

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 5 and Version 7 that is shipped with IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in October 2014. This also includes a fix for the Padding Oracle On ...

There are cross-site scripting and remote code execution vulnerabilities in code that is used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli ...

IBM TRIRIGA Application Platform could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. By sending a specially crafted URL, an attacker could exploit this vulnerability using the out parameter to redirect a victim to arbitrary Web sites. CVE(s): CVE-2014-8894 Affected product(s) and affected version(s): IBM TRIRIGA Application ...

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An ...

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 7 and earlier, and IBM® Runtime Environment Java™ Technology Edition, Version 7 Service Refresh 7 and earlier, that is used by IBM Endpoint Manager for Remote Control. This also includes a fix for the Padding Oracle ...

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7 that are used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - October 2014 - Includes Oracle October 2014 CPU ...

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by Tivoli Netcool/OMNIbus. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in ...

There is a vulnerability in IBM® Runtime Java™ Technology Edition, Version 6 that is used by the Enterprise Common Collector (a component of IBM Tivoli zEnterprise Monitoring Agent, a component of IBM Tivoli Monitoring). This issue was disclosed as part of the IBM Java SDK updates in October 2014. CVE(s): CVE-2014-6457 Affected ...

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in TRIRIGA for Energy Optimization (previously known as Intelligent Building Management). CVE(s): CVE-2014-3566 Affected product(s) and affected version(s): Principal Product and Version(s) Affected Supporting Product and Version Intelligent Building Management 1.1 and TRIRIGA ...

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Tivoli Endpoint Manager for Remote Control. CVE(s): CVE-2014-3566 Affected product(s) and affected version(s): Tivoli Endpoint Manager for Remote Control version 8.2.1 Refer to the following reference URLs for remediation and additional ...

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM® Endpoint Manager for Remote Control. CVE(s): CVE-2014-3566 Affected product(s) and affected version(s): IBM Endpoint Manager for Remote Control versions 9.1.0 and 9.0.1 Refer to the following reference URLs for remediation ...

Vulnerabilities have been discovered in the OpenSSL libraries used by IBM Endpoint Manager 9.2. Two of these vulnerabilities could allow attackers to create a denial of service attack or to craft a man-in-the-middle attack to hijack sessions or to get sensitive information. Attackers could also hijack a browser session to gain ...